The adoption of cloud computing has skyrocketed as a result of the rising demand among businesses for operational benefits such as increased productivity and decreased expenses. According to Gartner’s projections, spending on public cloud services across the globe will approach $500 billion this year. However, a company’s security journey is not finished once it has completed the transition to the cloud.
Users and cloud service providers are equally responsible for maintaining a secure environment. The concept of duty of care requires businesses to give some thought to the process by which their data is protected; this applies not only to the protection of cloud-hosted applications but also to the protection of underlying infrastructure such as corporate networks.
Unsecured AWS S3 buckets and exposed APIs are just two examples of the frequent types of security failure that can result in the exposure of sensitive data. When it comes to access to the cloud, security professionals have a lot to think about, such as which accounts should be granted access, what their authentication methods are, and how much they use the cloud.
The majority of organisations fall short in this regard. Too many have an undeveloped security posture and rely on spreadsheets to keep track of their login information and passwords. Users have to manually send an email to a member of the IT or security department in order to have their credentials provisioned. This exposes the organisation to a significant risk in a domain that has repeatedly been shown to be expensive.
According to IBM’s Cost of a Data Breach Report 2023, three of the top four most expensive attack vectors relate to credentials. These are phishing, which costs $4.91 million per breach, business email compromise, which costs $4.89 million per breach, and stolen or compromised credentials, which cost $4.5 million per breach. The most common vector that hackers use is the stolen or compromised credential.
The security posture of companies and other organisations needs to be beefed up significantly. Managing credentials in spreadsheets has never been considered a secure method, and increasing the security of sensitive data does not have to be overly complicated or cost an arm and a leg. The first steps are outlined here.
Culture in the organisation should be reevaluated.
The ability to rationalise is ingrained in humans, and this trait comes to the fore in situations in which security measures make it more difficult for them to access something. They do not conduct a proper risk assessment; far too many people will reuse a Netflix password for corporate use because it contains a few random numbers, not realising that the Netflix password is included on a list of passwords that have been compromised.
This is the point where philosophy and policy begin to clash with one another. When it comes to matters of cybersecurity, people may be the most valuable component of an organisation, but they are also its weakest link. The World Economic Forum estimates that 95 percent of problems with cybersecurity can be attributed to errors made by humans. This also has an impact on the way businesses budget their resources and investments.
When it comes to tackling these challenges and allocating budget, executives in charge of a company need to adopt a balanced approach. It is simple to ignore security concerns in favour of concentrating on making investments in novel capabilities that have the potential to boost revenue, but doing so will, in the long run, make the organisation more vulnerable to cyberattacks. Business leaders can create a competitive advantage over other organisations and become more resilient by allocating budget to achieve a sufficient level of protection.
Establish one’s eligibility for and obtain insurance coverage
The purchase of cyber insurance coverage can strengthen an organisation’s security posture and increase the resilience of a business. It is simply not feasible to conduct business in many different areas without having some form of protection in place. But it’s not as simple as just filling out a form here and there.
According to Fitch Ratings, insurance companies are beginning to reduce the amount of risk they take on and consequently increased premiums by 74% in 2021. Many businesses are required to provide evidence that they possess adequate endpoint detection and response (EDR) and multi-factor authentication (MFA) for network access before they can be considered for coverage. Beazley claims that businesses that have not yet implemented multi-factor authentication are more than twice as likely to become victims of ransomware as those that have already done so. Cyber insurance providers also highlight privileged access management (PAM) controls as beneficial for gaining coverage. A simple password manager is a prerequisite for implementing PAM controls. It is an improvement over a spreadsheet that contains sensitive information and is just waiting to be broken into.
Cyber insurance companies have essentially become the primary drivers behind the implementation of modern security tools. Adding these controls brings a further benefit: organisations can become eligible for insurance coverage in the event that the worst-case scenario actually occurs.
Recognize the unique characteristics of the cloud.
Traditional security measures focus solely on protecting the perimeter around an organisation’s on-premises network. In the past, the priority was placed on safely entering the bubble, and once that was accomplished, anything and everything was fair game. Employees enjoyed a high level of trust, which allowed for expansive access. When working in the cloud, establishing the bubble is a much more difficult task, and the stakes are raised for determining which identities should be trusted to gain access to which resources.
The migration to the cloud alters the cybersecurity environments of organisations, which may increase their exposure to risk. It is essential to know where passwords are kept and how users are gaining access, which is why it is important to have tools such as multi-factor authentication (MFA) and thorough PAM controls.
What was considered to be an acceptable method for securing an on-premises corporate network just a few years ago is not going to cut it in the cloud today. To grant access without putting their organisations in danger, cybersecurity professionals need to consider everything from account details to authentication methods and look at security through the lens of zero trust.
Moving to the cloud is an exciting chapter for any organisation, but the cyber leaders of that organisation need to make sure they have the appropriate controls in place so that security can keep pace with the speed of business innovation.